SIMDAT Authentication and Authorisation




Matteo Dell’Acqua

ET-CTS meeting, Toulouse, 26-30 May 2008



VGISC security requirements

Confidentiality

Users' information, sensitive data

Data integrity

User authentication

Authorisation

PKI

Trust: Trust domain

user roles

data policies

Virtual Organisation Principles

[Diagram: nodes A, B, C, D, E and F]

Creation of trust domains

[Diagram: nodes A, B, C, D, E and F with trust domains VGISC1 and VGISC2]

Agreement on user roles and data policies

Exchange of public keys

Data integrity, non-repudiation

B publishes data with data policy VGISC1.researcher.

A registers John Smith with the VGISC1.researcher role.

John Smith wants to access dataset in B


JS logs in to A and issues a request.

A adds the user role VGISC1.researcher to the request and signs it with its private key, then sends it to B.

B checks signature of A against known public keys.

B checks if A is a member of VGISC1.

B trusts A to tell the truth about the user’s role.

B checks role against data policy.

Li Yang is a registered user with D, with the role VGISC2.researcher.

Li Yang wants data from B

LY logs in to D and issues a request.

D signs the request with its private key, adds the user role VGISC2.researcher to the request and sends it to B.

B checks signature of D against known public keys.

D is either unknown, or not part of VGISC1.

Access is denied.
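The two request flows above (John Smith through A, Li Yang through D), written out as an added Go example that is not SIMDAT code. Ed25519 signatures stand in for the X.509-based signatures, and the request layout and the dataset name dataset-1 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"strings"
)

// Request as forwarded by the user's home node (constructed layout, not SIMDAT's wire format).
type Request struct {
	User, Role, Dataset, Signer string
	Sig                         []byte
}
func (r Request) payload() []byte {
	return []byte(strings.Join([]string{r.User, r.Role, r.Dataset, r.Signer}, "\n"))
}
// Sign is the home node's step: add the user role, then sign with the node's private key.
func Sign(node string, key ed25519.PrivateKey, user, role, dataset string) Request {
	r := Request{User: user, Role: role, Dataset: dataset, Signer: node}
	r.Sig = ed25519.Sign(key, r.payload())
	return r
}
// Node is the data holder's state once the trust domain has been created.
type Node struct {
	Keys    map[string]ed25519.PublicKey // public keys exchanged between nodes
	Members map[string]map[string]bool   // domain -> member nodes
	Policy  map[string]string            // dataset -> data policy ("domain.policy" on the slides)
}
// Authorize applies the checks in slide order: signature, domain membership, role vs policy.
func (n Node) Authorize(r Request) error {
	pub, known := n.Keys[r.Signer]
	if !known || !ed25519.Verify(pub, r.payload(), r.Sig) {
		return fmt.Errorf("signer %q unknown or signature invalid", r.Signer)
	}
	policy := n.Policy[r.Dataset]
	if domain := strings.SplitN(policy, ".", 2)[0]; !n.Members[domain][r.Signer] {
		return fmt.Errorf("%s is not a member of %q", r.Signer, domain)
	}
	if r.Role != policy {
		return fmt.Errorf("role %s does not satisfy policy %s", r.Role, policy)
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed sample: node A's key pair
	b := Node{map[string]ed25519.PublicKey{"A": pub}, map[string]map[string]bool{"VGISC1": {"A": true}},
		map[string]string{"dataset-1": "VGISC1.researcher"}}
	fmt.Println(b.Authorize(Sign("A", priv, "John Smith", "VGISC1.researcher", "dataset-1")))
}
```

The membership test runs against the domain named in the dataset's policy, so a node outside VGISC1 is refused even if B holds its public key and it asserts a VGISC1 role.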

John Smith requests a certificate

JS logs in to A and requests a certificate.

John Smith exports his certificate

Certificate is created, contains user roles and is signed by A.

A is down… John Smith logs in to C with his certificate

JS logs into C with the certificate issued by A.

C checks signature of A against its public key.

C checks if A is a member of VGISC1.

C adds the roles signed by A to the request.

C also signs the request.

Request is sent to B.


B checks signature of A and C against known public keys.

B checks A and C are members of VGISC1.

B trusts A to tell the truth about the user’s role.

B checks role against data policy.


SIMDAT allows other trust domains to be created

[Diagram: nodes A, B, C, D, E and F with trust domains VGISC1 and VGISC2, plus further domains labelled "Project X" and "WMO?"]

Development status

Development of the Domain Authority: Authorization Engine

Support for Domains

X509 Certificates used to check exchanged messages and security tokens [use of a PKI with several CAs]

Support for Attribute Certificates containing the user’s roles

SAML Tokens

Support for data policies qualifying the datasets. They have two components: domain.policy

Development of a user database on each node to locally manage the users and roles

Users only known at DWD will access some datasets at Meteo-France

Development status


Development of tools to manage the VO

Web Admin Interface for the Node

Create/delete domain, Add/remove domain member

Import domain member’s certificates in

Add/Create User,

Add/Remove User’s Roles

Development of command-line tools offering the same services as the web interface

Use of NTP to synchronize all the Catalogue Nodes

To always deliver valid SAML tokens



Conclusion


There is a need to have different Authorization schemes

Some datasets will be accessible once the terms and conditions have been accepted

Fairly weak security: user will self-register,

The portal automatically associates some roles to the user once the user has agreed to the terms and conditions

Some datasets have to be very well protected and only accessible to a number of registered users

High level of security: An admin will register the users and associate roles to these users

There might be a need to support several Authz Token formats